Field of the Invention
The present invention is related to application of security policies and, in particular, to a method and system for configuring a computer system according to the security policies.
Description of the Related Art
Personal computer systems and workstations are used for work in the office. This can pose security risks to the enterprise network. In order to safely integrate employees' computer systems into the enterprise network, data access has to be separated and limited. The separation of data access is usually implemented by security policies. However, applying the security policies on a computer system requires a number of actions.
For example, the security policies may require installation or removal of certain application(s), switching a particular device (e.g., a Bluetooth adapter) off or on, configuration of connection/session parameters, or configuration of applications and devices. Often, even experienced employees cannot (or do not want to bother to) perform the above actions on their personal computer systems according to the enterprise's security policy requirements. The large number of device vendors and applications, the complexity of configurations, and limited access to configuration data make configuration of an employee's personal computer system rather difficult, if not impossible.
Additionally, the current state of the computer system has to be taken into consideration. If a computer system already has a number of the applications and configurations required by the security policies, the process of configuring the computer system according to the enterprise security policies can be simplified. A number of conventional solutions are used to optimize the application of security policies.
For example, U.S. Pat. No. 6,799,197 describes a procedure for implementing a security policy on the computer system. The application of the security policy is implemented by an agent and a server controlling the security policies. In order to implement a security policy, an installation package is formed. The installation package is then installed on the device. Control of the security policies is implemented over a public network, the Internet or email. However, this reference does not describe an algorithm for generating packages and instructions for changing the configuration of a target computer. Additionally, it requires the presence of an installed agent application.
U.S. Pat. No. 7,665,125 provides an algorithm for determining and implementing a security policy on a mobile computer system based on user-related data. A server (or a web server) determines a security policy and a role of the mobile computer system for a user. Then, an agent installs and configures applications according to the security policy using installation packages for security policies. However, the conventional solutions provide for only partial simplification of configuration of a computer system according to requirements of the security policy.
Accordingly, a method and system for efficient configuration of a computer system according to the security policy is desired.